News & Announcements
District 2 has been informed that we are one of the districts impacted by a data breach at PowerSchool. The District stores some of our staff and student information on PowerSchool’s computers. PowerSchool has confirmed that the breach was in their system and not related to any District action.
PowerSchool confirmed that there was unauthorized access to District 2 data fields that included current and past student information. PowerSchool has now provided the District with an initial understanding of the potential scope of the data breach that is affecting thousands of school districts. PowerSchool confirmed for the District which information was downloaded and which information was not downloaded.
Types of District information:
- Downloaded: student, family, custodial and emergency contact information; limited medical alert information (e.g., allergies, life-threatening conditions); date of birth; dates, school, and grade of enrollment; free and reduced lunch status; District 2 ID number for students and staff; ethnicity and gender; staff school email addresses and personal contact information
- Not downloaded: social security numbers, student passwords, banking information, credit card information, and photographs. Those items were stored in other locations at PowerSchool and were not accessed.
PowerSchool indicated that they have closed the access that was used to access data, and they have reason to believe the data was not shared.
District Response:
While the breach occurred within PowerSchool-operated systems, District 2 has taken steps to safeguard the security and integrity of its own systems and protect our data. These steps include:
- Collaborating closely with PowerSchool and participating in their ongoing webinars to stay informed.
- Continuously monitoring our internal systems, supported by robust network security measures.
- Maintaining two-factor authentication for all employee accounts as an added layer of security.
PowerSchool’s Response:
- Conducting a comprehensive investigation with third-party cybersecurity firm CrowdStrike. Their final forensic report is expected to be released at the end of next week and will provide a clearer understanding of the incident and its potential impact.
- Monitoring the dark web to ensure the data obtained during the breach is not disseminated.
- Strengthening their internal protocols and working with federal authorities, including the FBI.
- Continuing communications regarding the breach, including offering credit monitoring and support, which will be forthcoming.
What Can You Do:
While PowerSchool has assured us the risk of misuse is low, we encourage you to take these precautions:
- Review any recent communication from PowerSchool.
- Be cautious of any unsolicited emails or phone calls.
- Consider changing your PowerSchool password, especially if you reuse passwords across platforms.
- Monitor email accounts for any unusual activity.
Next Steps:
The District is actively working with PowerSchool to monitor the situation and to conduct a thorough investigation of the breach. District 2 takes the security of all student, family, and staff data very seriously, and will continue to monitor our District records. The District will share further information as it becomes available from PowerSchool. If you would like to contact PowerSchool directly, you may do so at Security@PowerSchool.com.
Dr. Katie McCluskey
Superintendent of Schools
Bensenville School District 2